Posts by Guy Helmer:

Dr. Guy Helmer is Area Vice President, DLP Technology at Absolute, where he develops data protection technologies for Absolute DDS. He was previously CTO at Palisade Systems, where he developed data loss prevention and deep packet inspection systems.
Email Policies: A Critical Piece of Your Security Net

The recent disclosures over former Secretary of State Hillary Clinton using a private email server for all communication offer an opportunity to review corporate policies regarding email use and security best practices. Unfortunately for corporate information security, this is not an unusual situation. When deploying data loss prevention systems, it is common to find users either forwarding their corporate email to non-company servers, or sharing confidential email contents inappropriately.

Business Partners and Data Loss

Business partners, outsourcers, service providers or consultants — companies regularly make use of outside resources to handle business functions. In our 24/7, always-online business environment, these outside resources are often granted access to internal IT, whether through minimal access via an externally-available email account, through a vendor portal, or via a VPN tunnel. Such access granted to outsiders effectively extends an organization’s security “attack surface.” How well is that...

Information Security Quantified Risk

In a previous blog post, Information Security Maturity, I mentioned that organizations with mature information security management programs have policies that govern the enterprise, systems, and issues. In implementation of policies, it is common to attempt to quantify risks to support priorities of actions and costs, such as remediation or replacement efforts, as organizations need to manage their level of risk and exposure. Rafal Los (AKA Wh1t3Rabbit) recently blogged...

Protecting Data in the Government Sector

Earlier this month, I wrote an article for CIO Review, “Government IT – The Data Debate,” on the information security challenges faced in the government sector. Nowhere is there a more regulated space within which IT must work to protect large amounts of sensitive data and guard against security incidents that may put the data (and the organization) at risk. All on an ever-diminishing budget, of course. I spent the early...

Open Season on Passwords

Over the weekend, I finally received notification from Adobe that my ID and “encrypted” password had been compromised in an incident back at the beginning of October. (Not to pile on Adobe here, but if you haven’t heard, the “encrypted” passwords were encrypted very poorly. Password cracking experts have had a field day analyzing the data. Sophos has a neat visualization of the poor quality of encryption used by...
